#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/HideWindows.C IRC Checkin"; flow:established,to_server; content:"PASS 6667|0a|"; content:"NICK pr0n|7c 30 0a|"; distance:0; fast_pattern; content:"USER Pmx|20 22 2a 22 20 22|"; distance:0; content:"|22 20 3a|pr0n|0a|"; reference:md5,4645b7883d5c8fee6579cc79dee5f683; reference:url,thisissecurity.net/2015/11/05/low-cost-point-of-sales-pos-hacking/; classtype:trojan-activity; sid:2022064; rev:1; metadata:created_at 2015_11_11, former_category MALWARE, updated_at 2015_11_11;)

Added 2021-09-21 20:00:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/HideWindows.C IRC Checkin"; flow:established,to_server; content:"PASS 6667|0a|"; content:"NICK pr0n|7c 30 0a|"; distance:0; fast_pattern; content:"USER Pmx|20 22 2a 22 20 22|"; distance:0; content:"|22 20 3a|pr0n|0a|"; reference:md5,4645b7883d5c8fee6579cc79dee5f683; reference:url,thisissecurity.net/2015/11/05/low-cost-point-of-sales-pos-hacking/; classtype:trojan-activity; sid:2022064; rev:1; metadata:created_at 2015_11_10, former_category MALWARE, updated_at 2015_11_10;)

Added 2020-08-05 19:11:49 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/HideWindows.C IRC Checkin"; flow:established,to_server; content:"PASS 6667|0a|"; content:"NICK pr0n|7c 30 0a|"; distance:0; fast_pattern; content:"USER Pmx|20 22 2a 22 20 22|"; distance:0; content:"|22 20 3a|pr0n|0a|"; metadata: former_category MALWARE; reference:md5,4645b7883d5c8fee6579cc79dee5f683; reference:url,thisissecurity.net/2015/11/05/low-cost-point-of-sales-pos-hacking/; classtype:trojan-activity; sid:2022064; rev:1; metadata:created_at 2015_11_10, updated_at 2015_11_10;)

Added 2019-09-26 19:58:04 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/HideWindows.C IRC Checkin"; flow:established,to_server; content:"PASS 6667|0a|"; content:"NICK pr0n|7c 30 0a|"; distance:0; fast_pattern; content:"USER Pmx|20 22 2a 22 20 22|"; distance:0; content:"|22 20 3a|pr0n|0a|"; reference:md5,4645b7883d5c8fee6579cc79dee5f683; reference:url,thisissecurity.net/2015/11/05/low-cost-point-of-sales-pos-hacking/; classtype:trojan-activity; sid:2022064; rev:1; metadata:created_at 2015_11_10, updated_at 2015_11_10;)

Added 2018-09-13 19:51:55 UTC


Added 2018-09-13 18:00:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/HideWindows.C IRC Checkin"; flow:established,to_server; content:"PASS 6667|0a|"; content:"NICK pr0n|7c 30 0a|"; distance:0; fast_pattern; content:"USER Pmx|20 22 2a 22 20 22|"; distance:0; content:"|22 20 3a|pr0n|0a|"; reference:md5,4645b7883d5c8fee6579cc79dee5f683; reference:url,thisissecurity.net/2015/11/05/low-cost-point-of-sales-pos-hacking/; classtype:trojan-activity; sid:2022064; rev:1; metadata:created_at 2015_11_10, updated_at 2015_11_10;)

Added 2017-08-07 21:16:52 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/HideWindows.C IRC Checkin"; flow:established,to_server; content:"PASS 6667|0a|"; content:"NICK pr0n|7c 30 0a|"; distance:0; fast_pattern; content:"USER Pmx|20 22 2a 22 20 22|"; distance:0; content:"|22 20 3a|pr0n|0a|"; reference:md5,4645b7883d5c8fee6579cc79dee5f683; reference:url,thisissecurity.net/2015/11/05/low-cost-point-of-sales-pos-hacking/; classtype:trojan-activity; sid:2022064; rev:1;)

Added 2015-11-10 17:14:36 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats